Pretty much all of these "we're going to expose security holes in public next week" things do involve new "zero day" bugs. No one pays them any attention if they aren't demonstrated on fully patched, up-to-date systems.
Almost all of the holes I've seen lately involve a standard user logging in and running a program or visiting a web site, and as a result, getting a root shell on the machine (local program) or leaking information. (browser) While these aren't good things, they're much more benign than remote exploits, the things that make for worms.
The majority of the web browser issues are via java or adobe plugins. Too bad safari doesn't properly sandbox those things... they're notorious for giving safari a bad rep for security. (tho quicktime certainly has its fair share... QT itself should also be sandboxed imho)
Also, most of them are of the "denial of service" variety, meaning they cause something to crash. In all but a few cases, these crashes are difficult to exploit to get something useful like a root shell.
I work for the Department of Redundancy Department
